Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
address of admin panel
#1
I wanted to ask it some time ago, but always forgot to do it.
Is there any chance to add during GS installation own name for admin panel location ?
There are some crawlers trying to find admin panels, and using brute force method login to them.
They search for usual panel locations such as domain/admin, /panel,/admin_login.file_ext and so on.

There's always a way to change it manually by editing all files, but I think that it doesn't make sense.

What do you think about that ?
Addons: blue business theme, Online Visitors, Notepad
Reply
#2
I don't think it should be a dynamic option, but possibley a gsconfig.php setting.
JWH Technologies
Have any marketing ideas for Get-Simple? Let me hear them!
Reply
#3
Maybe remapping it using mod_rewrite would do the thing ?
The only method I know would still let the /admin to be accessible :/
Addons: blue business theme, Online Visitors, Notepad
Reply
#4
There has been talk about this for some time now. The problem with it are pathnames.

You should be able to change the folder to any other name as long as GSADMINPATH (common.php) gets the path right if everything is depending on the GSADMINPATH constant. We are not sure though, whether everything is using GSADMINPATH.

Feel free to change the name of your admin folder and see what changes are needed. We’d love to implement it in the core but other things have had higher priority.
“Don’t forget the important ˚ (not °) on the a,” says the Unicode lover.
Help us test a key change for the core! ¶ Problems with GetSimple? Be sure to enable debug mode!
Reply
#5
Afair there were couple relative paths inside php files.
I have to look at it again.
I firstly thought about creating a directory which would be the /administration_panel, placing there a .htaccess with a directive to proxy everything from /admin directory, and deny direct access to /admin.

I'll try to check it out as soon as I find some time to mess with GS 2.3 :]
As well as messing with hardcoded paths in GS.
If my first solution works out, it would be a matter of adding couple lines inside installation scripts to create 2 .htaccess files and 1 directory.

btw. grats to GS dev team for accomplishing 2.3 milestone Wink
Addons: blue business theme, Online Visitors, Notepad
Reply
#6
K, here's my 1st solution to change admin's panel address.
It needs access to shell, as there has to be created a symbolic link to admin's directory.
I've got one more idea, but I'll test it later.

Those who have access to shell, and are willing to hide /admin URI to disallow unauthorized access, here's the list of things needed to be done.

1. disable access to /admin, and let visitor know, that there's no data under this path
It's quite simple, as we will just show him 404 error page Smile
Add to .htaccess below lines
Code:
RewriteCond %{REQUEST_URI} =/admin/
RewriteRule ^(.*) 404.html [R=301,L]
First line looks if URI/URL contains "admin" string. If it's true, then we serve a 404 html document (page not found). Since my testing environment stays under a subdomain, a 404 error page has to stay somewhere inside GS directory tree. So be sure to provide a valid path to error page, any page you'd like to show, instead of admin panel, or a non existing page.

2. Time to add a symbolic link, to have access to admin panel.
Login to your shell account (using for example putty). Browse to gs root directory, and create a symbolic link using below command
Code:
ln -s admin  hiddenpanel
where "hiddenpanel" is the name, under which you will have access to your GS admin panel.

After finishing second step, test if everything works as supposed.
You should get an error page after entering http://yourdomain/admin, while using http://yourdomain/hiddenpanel should give you access to GS admin panel.


I'll try to provide a solution based only on htaccess, for those who don't have access to shell on their hosting accounts. At least if everything works well Smile
Addons: blue business theme, Online Visitors, Notepad
Reply
#7
I used this method and it seems to work. I choose not to use shell, because I'm not comfortable using it and don't want to mess anything up.
After modifying the .htaccess file to redirect /admin/ to 404 page, I created a .php file in GS root directory and used the php symlink function.

I simply put the following in the .php file and went to the page in the browser:
PHP Code:
<?php symlink('/home/site/public_html/admin''/home/site/public_html/newadminlocation'); ?>

Once the page loaded, the symlink was created and I just deleted that .php file.

Remember, if using symlinks, make sure "Options +FollowSymLinks" is in your .htaccess file.

- Chris


(2010-10-06, 13:54:31)yojoe Wrote: K, here's my 1st solution to change admin's panel address.
It needs access to shell, as there has to be created a symbolic link to admin's directory.
I've got one more idea, but I'll test it later.

Those who have access to shell, and are willing to hide /admin URI to disallow unauthorized access, here's the list of things needed to be done.

1. disable access to /admin, and let visitor know, that there's no data under this path
It's quite simple, as we will just show him 404 error page Smile
Add to .htaccess below lines
Code:
RewriteCond %{REQUEST_URI} =/admin/
RewriteRule ^(.*) 404.html [R=301,L]
First line looks if URI/URL contains "admin" string. If it's true, then we serve a 404 html document (page not found). Since my testing environment stays under a subdomain, a 404 error page has to stay somewhere inside GS directory tree. So be sure to provide a valid path to error page, any page you'd like to show, instead of admin panel, or a non existing page.

2. Time to add a symbolic link, to have access to admin panel.
Login to your shell account (using for example putty). Browse to gs root directory, and create a symbolic link using below command
Code:
ln -s admin  hiddenpanel
where "hiddenpanel" is the name, under which you will have access to your GS admin panel.

After finishing second step, test if everything works as supposed.
You should get an error page after entering http://yourdomain/admin, while using http://yourdomain/hiddenpanel should give you access to GS admin panel.


I'll try to provide a solution based only on htaccess, for those who don't have access to shell on their hosting accounts. At least if everything works well Smile
Reply
#8
Why not just change gsadmin.
There might be one or two issues with it, I plan on testing it fully soon and makin sure it works.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#9
shawn: in gs 2.x there was no simple way to change path to admin panel.
Since v2.4b changed to 3.0 changing admin path takes 2 steps, and afair is described in wiki.
Works flawlessly, but some plugins still refer to admin in a hard way like var = "../../ .... /admin"
Addons: blue business theme, Online Visitors, Notepad
Reply




Users browsing this thread: 1 Guest(s)